TrivadisContent

Oracle Database Appliance X6-L Memory Expansion – Overwritten HugePage Settings after Reboot

A Customer has extended his Oracle Database Appliance X6-L with Oracle Database Appliance Memory Expansion Kit from 192GB to 384GB. After the first startup, the odacli tool has recognized the additional available memory and gave us the suggested value for the new HugePage settings.

The ODA has the newest available patchset applied, OS is Oracle Enterprise Linux 6.10.

Update the OS Configuration

Oracle suggested the new values for the HugePage settings to 135350MB. 

According the Oracle documentation Oracle® Database Appliance X6-2S/X6-2M/X6-2L Deployment and User’s Guide – Section 13.14 – we updated the OS configuration by odacli. The job was finished after some seconds.

odacli update-osconfigurations (page 13-70)
Use the command odacli update-osconfigurations to update the HugePage and memlock values.

Verfication

The HugePage Settings were updated now.

Time for a hardware restart.

Old HugePage Values after ODA Restart

But, after the machine has started, the old HugePage values were back again. But who has overwritten the settings?

An SR has solved the problem, the are two files in the OS which are responsible for that behavior:

  • /etc/sysctl.d/99-initial-sysctl.conf
  • /etc/sysctl.d/99-oracle-rdbms-server-12cR1-preinstall-sysctl.conf

We take a look at the values:

Solution: Remove these two Files

First, we updated the OS Configuration again.

Second, we removed the files.

Third, we restarted the Oracle Database Appliance.

Finally

HugePage settings are persistent now. By the way, there is an My Oracle Support note for the OS Level 6.10 which describes such a case too:

Changes in sysctl.conf File are not Persistent after Reboot (Doc ID 2477376.1)

How to build OCI Infrastructure Environments with Ansible

The Oracle provided Ansible module gives us the opportunity to provision and configure Oracle Cloud Infrastructure resources on an automated base. The Ansible basic setup is very easy and the Oracle provided example playbooks in Git are a good base to start with your infrastructure automation project. Oracle provides Ansible example playbooks for

  • Block Volumes
  • Compute 
  • Database
  • File Storage
  • IAM
  • Load Balancer
  • Private Subnets with VPN
  • Delete Objects
  • etc.

In this blog post, I will show you how easy it is to bring Ansible and the Oracle Cloud Infrastructure together. 

Requirements

  • A local machine to install Ansible and the required software and modules, in my case it’s an Oracle Linux 7 virtual machine with Internet access.
  • An Oracle Cloud Infrastructure Account with permissons to create new resources.

Steps to configure Ansible and OCI

  1. Install and configure the Oracle Cloud Infrastructure Python SDK
  2. Install and configure Ansible
  3. Download and configure the OCI modules for Ansible
  4. OCI Test Run

Install and configure the Oracle Cloud Infrastructure Python SDK

In this step, the OCI Python SDK will be installed an configured. The new created SSH public key has to be added in the OCI console for further actions.  As OS user root we create a new operating system user called oci for Oracle Cllud Infrastrcuture actions and give him sudo privileges.

Create a User and SSH Keys

Add this line in /etc/sudoers.

Login as user oci, create a new SSH key and download an configure the OCI SDK. Protect your keys.

Show the public key and add it in the OCI console to your cloud account user.

 

The OCI Configuration File

As user oci, create the Oracle Cloud Infrastructure configuration file

Content of the file – for example in region Frankfurt and with the created SSH key file from above.

Change the file permissions.

Install the Oracle Cloud Infrastructure Python SDK

Test

Command to list all instances in the selected compartment.

Install and configure Ansible

As user oci, download and install Ansible and Git.

Set up the module directory.

Install additional packages.

This upgrade step is required, otherwise the public key creation in the OCI Ansible module fails (for example when you want to launch a new Compute instance).

Download and configure the OCI modules for Ansible

As user oci, download the Ansible modules from Git.

Show the content.

Change into the new created directory and execute the configuration script install.py.

OCI Test Run

We copy the example playbook to launch a Compute cloud instance into the local folder and run the playbook. The Oracle provided playbook needs three variables:

SAMPLE_AD_NAME Availability Domain, e.g. EUZg:EU-FRANKFURT-1-AD-1
SAMPLE_IMAGE_OCID OCID of the selected OS – see https://docs.cloud.oracle.com/iaas/images/ to list all available images
SAMPLE_COMPARTMENT_OCID OCID of your compartment – OCI > Identity > Compartments

 

Create a working directory and copy the example playbook.

Set variables.

Run the playbook

Attention: All OCI resources are created and afterwards terminated immediately. If you don’t want to terminate them, comment out this line in file sample.yaml.

Execute the Ansible playbook. The infrastructure will be created step by step. Key generation, network configuration, firewall rule setup, instance creation etc. is all automated.

Ready to Use

After a few minutes, a complete infrastructure for an OCI compute instance is created and the instance is ready to connect. 

The required SSH keys for the terminal connection were generated in a subdirectory of /tmp with the prefix ansible. In my example, the private and the public SSH key are located in /tmp/ansible.v6ckX0cert.

Links

Summary

The Oracle provided Ansible playbooks are a good entry point to start with OCI automation. I am already working at the next tasks to make my work easier with more variables and simplified playbooks. And finally I want to integrate it in Ansible AWX. Well done Oracle!

Oracle Database Backup Service – Encrypt your 12.2 Database Backups to the Cloud

The Oracle RMAN backup encryption is necessary if you want to backup your database into the Oracle cloud. In Oracle 12c, you have three methods available to encrypt an Oracle RMAN backup:

  • with a passphrase
  • with a master encryption key
  • hybrid with a passphrase and an encryption key

On docs.oracle.com, the basic setup is described here: https://docs.oracle.com/en/cloud/paas/db-backup-cloud/csdbb/configuring-encryption-backups.html#GUID-4A1F5CF5-7EAF-4D71-9B7F-B46412F552CE

In this blog post, I show you how to configure your database environment with a master encryption key and a keystore. I use this solution to to backup and recovery to and into the Oracle cloud. And in the cloud, I don’t like to type in passwords manually for every action or write passwords in backup and restore scripts.

There are also some issues reports like in My Oracle Support Note TDE Wallet Problem in 12c: Cannot do a Set Key operation when an auto-login wallet is present (Doc ID 1944507.1).

Here are steps to create an autologin wallet.

Configure SQLNET.ora in $TNS_ADMIN to use a Keystore

Create Keystore as SYSDBA

Open Keystore

The status is set to OPEN_NO_MASTER_KEY.

Set Master Key

Now the master key has to defined. When you have already defined a wallet earlier and deleted the keys,  you have to set the undocumented parameter to set the master key again. This works here too to set the key. Otherwise you get an ORA-28374: typed master key not found in wallet error. See Master Note For Transparent Data Encryption ( TDE ) (Doc ID 1228046.1) for further information.

Now the status is set to OPEN.

Activate Auto Login

Restart the Database

Verify if the keystore is available and WALLET_TYPE is AUTOLOGIN.

Configure RMAN for Encryption

RMAN Backup Test

A simple RMAN controlfile backup into the Oracle cloud (OPC Backup Module is already configured).

Error message if you want to backup into the Oracle cloud and the encryption is not configured correctly:

Backup Verification in V$BACKUP_PIECE – Column ENCRYPTED

Links

http://www.oracle.com/technetwork/database/security/twp-transparent-data-encryption-bes-130696.pdf

http://www.oracle.com/technetwork/database/security/index-095354.html

DATABASE PATCH SET UPDATE 12.1.0.2.170117 apply fails – catconInit failed, exiting

Last weekend was patchday. The goal was to apply the patch 24732082 (DATABASE PATCH SET UPDATE 12.1.0.2.170117) to a 12.1.0.2 database on AIX. The OPatch precheck returned no error and OPatch apply was ok. The problem was the post step, the datapatch command failed with the message catconInit failed, exiting.

The solution was described in this My Oracle Support Note: Datapatch fails with “catconInit: database is not open on the default instance” (Doc ID 2003488.1)

In the glogin.sql file  located in ORACLE_HOME/sqlplus/admin were two lines:

After I have commented out these lines, everything runs ok.

Summary: Two small lines, a big impact.

Oracle Data Pump with the 12.2.0.1.0 Instant Client for Linux x86-64

From the Oracle Database 12c Release 2 (12.2) New Features Guide:

Adding Oracle Data Pump and SQL*Loader Utilities to Instant Client

This feature adds SQL*Loader, expdp, impdp, exp, and imp to the tools for instant client.

Now you can run these utilities on machines that do not have a complete Oracle Database installation.

The newest release of the Oracle Instant Client for Linux x86-64 has an additional package called Tools. This package contains Data Pump, SQL*Loader and the Workload Replay Client for Real Aplication Testing. The good old import export tools is included too. This is very nice.

For example, if you want to load application log files with SQL*Loader into the database which are located on a separate server, there is no need for the client installation anymore. Or if your developers want to export data with Data Pump, all they need is the Instant Client now.

Just install – or better say unzip – the Instant Client basic package and the tools. Set some variables and go for it. The Instant Client packages are available as zip and as rpm for Unix systems. The rpm method requires root access to install.

Sizes of the Zip-Files

  • Instant Client Package – Basic:  66 Megabyte
  • Instant Client Package – Tools:   1 Megabyte

Zip Download URLs

SQL*Plus® User’s Guide and Reference

https://docs.oracle.com/database/122/SQPUG/SQL-Plus-instant-client.htm#SQPUG157

Instant Client Directory Content

Example for the Instant Client directory content on a Oracle Linux 7.2 server – Basic and Tools package installed.

Let’s Data Pump

Set the environment variables. TNS_ADMIN is where my tnsnames.ora / sqlnet.ora are located.

Start a Data Pump Export

Permission denied

If you get a permission denied error, change the file properties.

Operating System Availability of the Tools Package

At the moment – 22th of March 2017 – the tools packages is only available for these operating systems:

  • Microsoft Windows (x64)
  • Linux x86-64
  • Solaris Operating System (SPARC 64-bit)

I hope the AIX release will coming soon 🙂